Microsoft's weeklong security blitz

Microsoft is mending its security ways. That was the gist this week of a Redmond stump speech that stretched from the RSA show in San Francisco to Bill Gates' college-speaking blitz to the e-Crime Congress in London.

Some of the speeches focused on the security of specific products; others hit on broader themes, such as spam and patch management, but all stayed "on message" that this year will be less of a security headache for Microsoft customers than the great migraine that was 2003.

The week kicked off with Gates using his keynote speech at RSA's signature event to outline the security features in the coming release of Windows XP Service Pack 2. Those features include an on-by-default firewall, Internet Explorer tweaks to simplify ActiveX controls, and a new Windows Security Center management console.

Microsoft's chairman, who was anointed the world's richest man again by Forbes magazine this week, also delved into security issues during his speaking tour of five U.S. colleges. Gates made stops at MIT, Harvard, Carnegie Mellon, the University of Illinois and Cornell.

In other Redmond-related security news this week:

  • Network gatekeepers. Microsoft and RSA Security announced a new partnership to provide better network security in Windows environments. Their new jointly developed authentication technology, which is based on RSA's SecurID tokens, targets security at the point at which users enter corporate networks.
  • SMTP enhancements for Exchange. Also at RSA, Microsoft announced that it will make improvements to the Simple Mail Transfer Protocol (SMTP) relay for its Exchange messaging platform. The new boundary agent at the edge of the network would, among other things, provide "e-mail Caller ID" to authenticate mail before it is accepted by Exchange Server. In a related development, Sendmail, which boasts that it handles 60% of the world's e-mail traffic on its mail transfer agent, announced this week that it too will develop such technology.
  • The password death knell. Gates predicted the death of the computer password. Let's face it. Users are the weakest link in system security. They use the same passwords on multiple systems, they create blatantly obvious passwords and they post them on slips of paper near their computers. The authentication standard of the future, Gates said, will likely be "tamper-resistant" biometric ID-card software.
  • Betting on an arrest. David Aucsmith, chief technology officer for Microsoft's security business and technology unit, told an audience at the e-Crime conference in London that "the odds are in our favor" for arrests in the Sobig, Blaster and Mydoom investigations. The gambling analogy is apt, since Microsoft placed a series of $250,000 bets -- in the form of bounties -- to catch the authors of those worms.
  • Feeling their patching pain. At that same conference, Aucsmith also admitted to a Microsoft shortcoming that administrators have known about for a long time: Microsoft patches are a royal pain. To fix the problem, Aucsmith said, Redmond will make patches in the future that can be "reversed out" and implemented without having to reboot systems.
  • January meltdown for Linux. In the never-ending debate on whose operating system is more secure, Windows is pummeling Linux, according to new research from a British consultancy called Mi2g. In January, the firm said, there were 13,654 successful attacks against Linux systems, while 2,005 attacks were logged against Windows systems. The title of safest OS in this survey went elsewhere, however. That top honor was a tie between Berkeley Software Distribution (BSD) and Mac OS X. But to put that in perspective, those OSes only have a tiny fraction of the installed base that Windows and Linux enjoy.


Gates tries to win back security pros' trust

Microsoft to beef up SMTP relay for Exchange

Gates predicts death of the password

Windows outpoints Linux in new security study

Microsoft pledges improvements in patching
